Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    dual WAN, starlink and comcast … best practices?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    10 Posts 3 Posters 1.4k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      khb
      last edited by

      Port 1: WAN/Comcast-"business"
      Port 2: LAN/internal
      Port 3: WAN2/Starlink

      I left 1, 2 alone so if I do a factory reset I don't need to pull wires. Failover works exactly as one would expect. But there's no obvious load balancing going on. Of course, NOW Comcast is behaving, and is faster than starlink so not much traffic should go there ;>

      Are there any good known / best practices for combing these two? Traffic shaping, load balancing, or ?

      Also, disabling WAN1 doesn't seem to have the same effect as a wire pull ... whats the best software way to simulate WAN1 down?

      C 1 Reply Last reply Reply Quote 0
      • C Offline
        chris.doldolia @khb
        last edited by

        @khb
        Best on my experience, Starlink is a pure Internet connection only and even if you have up to 300mbps of download speed of Starlink the upload speed is less than 30mbps only, not like fiber connections are 1 is to 1 speed for download and upload. For my configuration in the routing, I put Tear 1 for WAN and Tear 2 for WAN2, that configuration is good for LoadBalance FailOver. Thank you

        K 1 Reply Last reply Reply Quote 0
        • K Offline
          khb @chris.doldolia
          last edited by

          @chris-doldolia thank you. Before reading your note I'd gone ahead and setup a gateway group, putting both on Tier 1, and set both the default LAN rules (up+down) to use that gateway group. I now see peak speeds of 2x (600odd mbps down and 300odd mbps up).

          Based on your advice I'll try making starlink tier2, but even with it "on par" with Comcast (we can't get fiber here in the Village :<) the results are quite good.

          For anyone interested, now that I have an explicit gateway group, enable/disable a WAN now works as I'd expected.

          C S 2 Replies Last reply Reply Quote 0
          • C Offline
            chris.doldolia @khb
            last edited by

            @khb did you try the speed test alone the Starlink? If the bandwidth is higher when you connect stand-alone may be due to the configuration of your rules. Thank you

            K 1 Reply Last reply Reply Quote 0
            • K Offline
              khb @chris.doldolia
              last edited by khb

              @chris-doldolia yes. Alone my starlink download speed peak was a bit under 300mbps (usually lower, but I'm not motivated enough to run hundreds of runs across a few days and compute real statistics ;>). Download peak was about 150 (again, usually slower). Even the worst case starlink hasn't been observed to be too bad). And mostly our workload is dominated by video streaming (with various package and ISO downloads sometimes providing challenges). If/when I go back to having enough video conferences to justify special rules, I might want to steer those to Comcast (of course, Comcast unreliability is why we got a starlink ;>). Our comcast performance peaks at about 300/300 (paying for business grade service). But typically the Comcast upload is significantly slower ... so sometimes starlink is ahead, but Comcast is usually ahead.

              I set the gateway group rule to {packetloss|high latency} which probably favors Comcast (their latency is typically significantly lower than starlink). What those precise values are isn't obvious to me (but no doubt documented somewhere in the FM!)

              Rereading your last response, I've never seen the group result being worse than the starlink standalone ... and disabling Comcast and using only the gateway group the results are a wash with connecting directly (except for latency .. the starlink speedtest removes some of my LAN internal hops, or at least that's the most obvious explanation for what I observe).

              K 1 Reply Last reply Reply Quote 0
              • K Offline
                khb @khb
                last edited by

                I'm seeing better download performance with priority 1/1 .. but upload improves with 2/1 (possibly even better at 3/1 but I haven't run enough tests to have any confidence). Is there a way to have differing priorities based on direction as well as gateway itself?

                K 1 Reply Last reply Reply Quote 0
                • K Offline
                  khb @khb
                  last edited by

                  FuboTV has a policy of allowing 10 streaming devices for "home", but they determine home by tracking IP address. With multi-WAN and load balancing, it seems likely that at some point we will trip their "you can't have that many roaming devices" logic.

                  Is there a way to tie specific macIDs to a specific gateway? (well that would break failover ... is there a way to make it go with a specific gateway unless that gateway is down?). I'm not spotting the right magic in the firewall rules GUI.

                  1 Reply Last reply Reply Quote 0
                  • S Offline
                    sailorsale @khb
                    last edited by

                    @chris-doldolia google baseball said in dual WAN, starlink and comcast … best practices?:

                    @khb did you try the speed test alone the Starlink? If the bandwidth is higher when you connect stand-alone may be due to the configuration of your rules. Thank you

                    Thank you for sharing your experience with Starlink!
                    What specific challenges have you faced with the upload speeds on Starlink, and how does your LoadBalance FailOver setup improve your overall internet experience? Have you noticed any significant differences in performance compared to fiber connections?

                    K 1 Reply Last reply Reply Quote 0
                    • K Offline
                      khb @sailorsale
                      last edited by

                      @sailorsale I don't have fiber ... and it is unlikely it will ever be an option here (no overhead wires or light poles, fairly low density, despite being adjacent to Denver and Englewood the barriers to a build out are high).

                      Even with some experiments with routing, Fubo (but none of the other services) kept having random failures, which disappeared when I disabled one WAN (didn't matter which one). So I've changed my configuration to pure failover.

                      As for performance, I ran tests every 15m for many hours.... which seems to have triggered Comcast to limit me to the contracted speeds (so while at first I observed speed up to 780Mbps, it eventually reached a more or less steady state of 300/300. I suppose I should the same test on the starlink WAN alone (and probably will get around to it--and I'll post the results here). Based on the starlink "built in" speed test, I've observed speeds north of 250Mbps down, the uploads are lower than 50. I have to say, I've been pleasantly surprised at the Starlink performance. Despite being surrounded by large trees, we were able to find a good roof placement so that we have a pretty unobstructed view of the satellites.

                      My wife has a work entanglement with a site that, like Fubo, seems incredibly sensitive to requests coming from multiple WANs. If it was just that app, I'd just leave the Starlink wifi on and she could use that (less so for Fubo, which has some content she'd like to keep).

                      Anyone here have any experience using a VPN from two different WANs to handle this sort of case? Since I can't easily run a VPN on each TV, I think I'd need to run it on the Netgate ... which is kinda overkill (and to avoid triggering various streaming geo-logic, probably would have to be Denver adjacent). Failover is probably what I'll stick with, unfortunately.

                      K 1 Reply Last reply Reply Quote 0
                      • K Offline
                        khb @khb
                        last edited by

                        @khb FWIW, I ran speedtest-go with the default options every 15min for a couple of days.

                                              avg        stdev.       min         max
                         download            128.3         49.5       40.3        309
                           upload.            11.6          5.4        5.7         33
                        

                        The test was executed from the netgate, using only the starlink linked interface. A few sanity checks running the starlink native (naive, not advanced) test within a minute or so of the speedtest runs varied (sometimes matching a result from 15m before or after). The variability is large, which I expected, but varies faster than I'd have guessed.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.